
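Ansible variables + managing secrets

Ansible variables

Variable naming rules: a name consists of letters, digits and underscores, must start with a letter, and cannot be one of Ansible's built-in keywords.

In Ansible, variables can be simplified into three scopes:

Global scope (high): variables set from the command line and the Ansible configuration

Play scope (medium): variables set in a play and related structures

Host scope (low): variables from the inventory, facts or register, set on host groups and individual hosts

The three scopes are listed from highest to lowest precedence; if a variable is defined more than once, the definition with the higher precedence wins.

Ways to register and define variables

There are many ways to define variables in Ansible, roughly:

(1) Register a module's execution result as a variable (register)
(2) Define a dictionary-type variable directly
(3) Define variables in files inside a role
(4) Pass variables on the command line (-e)
(5) Use with_items iteration to assign the results of multiple tasks to one variable (loop variable)
(6) Host or host-group variables in the inventory
(7) Built-in variables (Magic Variables)
(8) Fact variables (Facts)

Defining variables with vars: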

[student@master ansible]$ vim a.yml
---
- name: test
  hosts: node1
  vars:
    aa: 11
    bb: 22
    cc:
      c1: 33
      c2: 44
  tasks:
    - name: test1
      debug:
        msg: "{{ aa }}"
    - name: test2
      debug:
        msg: "{{ bb }}"
    - name: test3
      debug:
        msg: "{{ cc.c1 }}"
    - name: test4
      debug:
        msg: "{{ cc.c2 }}"
~
[student@master ansible]$ ansible-playbook a.yml

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node1]

TASK [test1] *******************************************************************
ok: [node1] => {
    "msg": 11
}

TASK [test2] *******************************************************************
ok: [node1] => {
    "msg": 22
}

TASK [test3] *******************************************************************
ok: [node1] => {
    "msg": "33"
}

TASK [test4] *******************************************************************
ok: [node1] => {
    "msg": "44"
}

PLAY RECAP *********************************************************************
node1                      : ok=5    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

[student@master ansible]$ vim a.yml
---
- name: test
  hosts: node1
  vars:
    aa: 11
    bb: 22
    cc:
      c1: 33
      c2: 44
  tasks:
    - name: test1
      debug:
        msg: this is {{ aa }}     # ////////
    - name: test2
      debug:
        msg: "{{ bb }}"
    - name: test3
      debug:
        msg: "{{ cc.c1 }}"
    - name: test4
      debug:
        msg: "{{ cc.c2 }}"
~
[student@master ansible]$ ansible-playbook a.yml

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node1]

TASK [test1] *******************************************************************
ok: [node1] => {
    "msg": "this is 11"      //////////
}

TASK [test2] *******************************************************************
ok: [node1] => {
    "msg": 22
}

TASK [test3] *******************************************************************
ok: [node1] => {
    "msg": "33"
}

TASK [test4] *******************************************************************
ok: [node1] => {
    "msg": "44"
}

PLAY RECAP *********************************************************************
node1                      : ok=5    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

Defining variables with vars_files:

[student@master ansible]$ vim fy
aa: 1
bb: 2
cc:
  c1: 3
  c2: 4
~
[student@master ansible]$ vim a.yml
---
- name: test
  hosts: node1
  vars_files:
    - /home/student/ansible/fy
  tasks:
    - name: test1
      debug:
        msg: this is {{ aa }}
    - name: test2
      debug:
        msg: "{{ bb }}"
    - name: test3
      debug:
        msg: "{{ cc.c1 }}"
    - name: test4
      debug:
        msg: "{{ cc.c2 }}"
~
[student@master ansible]$ ansible-playbook a.yml

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node1]

TASK [test1] *******************************************************************
ok: [node1] => {
    "msg": "this is 1"
}

TASK [test2] *******************************************************************
ok: [node1] => {
    "msg": 2
}

TASK [test3] *******************************************************************
ok: [node1] => {
    "msg": "3"
}

TASK [test4] *******************************************************************
ok: [node1] => {
    "msg": "4"
}

PLAY RECAP *********************************************************************
node1                      : ok=5    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

register variables: (the register option assigns the output of the current task to a variable)

[root@node1 ~]# echo 123 > /tmp/file1
[student@master ansible]$ vim a.yml
---
- name: test
  hosts: node1
  tasks:
    - name: test1
      shell:
        cmd: cat /tmp/file1
~
[student@master ansible]$ ansible-playbook a.yml

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node1]

TASK [test1] *******************************************************************
changed: [node1]

PLAY RECAP *********************************************************************
node1                      : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

[student@master ansible]$ ansible node1 -m shell -a 'cat /tmp/file1'
node1 | CHANGED | rc=0 >>
123
[student@master ansible]$ vim a.yml
---
- name: test
  hosts: node1
  tasks:
    - name: test1
      shell:
        cmd: cat /tmp/file1
      register: luoqi
    - name: test2
      debug:
        msg: "{{ luoqi }}"
~
[student@master ansible]$ ansible-playbook a.yml

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node1]

TASK [test1] *******************************************************************
changed: [node1]

TASK [test2] *******************************************************************
ok: [node1] => {
    "msg": {
        "changed": true,
        "cmd": "cat /tmp/file1",
        "delta": "0:00:00.009407",
        "end": "2025-09-01 16:11:09.516546",
        "failed": false,
        "msg": "",
        "rc": 0,
        "start": "2025-09-01 16:11:09.507139",
        "stderr": "",
        "stderr_lines": [],
        "stdout": "123",
        "stdout_lines": [
            "123"
        ]
    }
}

PLAY RECAP *********************************************************************
node1                      : ok=3    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

[student@master ansible]$ vim a.yml
---
- name: test
  hosts: node1
  tasks:
    - name: test1
      shell:
        cmd: cat /tmp/file1
      register: luoqi
    - name: test2
      debug:
        msg: "{{ luoqi.stdout }}"
~
[student@master ansible]$ ansible-playbook a.yml

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node1]

TASK [test1] *******************************************************************
changed: [node1]

TASK [test2] *******************************************************************
ok: [node1] => {
    "msg": "123"
}

PLAY RECAP *********************************************************************
node1                      : ok=3    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

[student@master ansible]$ vim a.yml
---
- name: test
  hosts: node1
  tasks:
    - name: test1
      shell:
        cmd: cat /tmp/file1
      register: luoqi
    - name: test2
      debug:
        var: luoqi.stdout
~
[student@master ansible]$ ansible-playbook a.yml

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node1]

TASK [test1] *******************************************************************
changed: [node1]

TASK [test2] *******************************************************************
ok: [node1] => {
    "luoqi.stdout": "123"
}

PLAY RECAP *********************************************************************
node1                      : ok=3    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

Defining variables with set_fact

set_fact works much like register: it also assigns a value to a variable. It is closer to variable assignment in a shell: the value of one variable can be assigned to another variable, and a string can be assigned to a variable.

Running ansible node1 -m setup lists all fact variables of host node1.

[student@master ansible]$ vim a.yml
---
- name: test
  hosts: node1
  tasks:
    - name: test1
      debug:
        msg: the {{ ansible_fqdn }} address is {{ ansible_default_ipv4.address }}
~
[student@master ansible]$ ansible-playbook a.yml

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node1]

TASK [test1] *******************************************************************
ok: [node1] => {
    "msg": "the node1.example.com address is 192.168.122.10"
}

PLAY RECAP *********************************************************************
node1                      : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
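
The run above only reads fact variables; a playbook that actually uses set_fact is sketched here as an added example (not from the original page). It reuses /tmp/file1 and the register name luoqi from the register section; file_content and host_summary are hypothetical variable names.

```yaml
---
- name: set_fact demo
  hosts: node1
  tasks:
    - name: read the file created in the register section
      shell:
        cmd: cat /tmp/file1
      register: luoqi
      changed_when: false          # reading a file does not change the host

    - name: assign one variable to another and build a string from facts
      set_fact:
        # value of an existing (registered) variable copied into a new one
        file_content: "{{ luoqi.stdout }}"
        # plain string combined with two fact variables
        host_summary: "{{ ansible_fqdn }} ({{ ansible_default_ipv4.address }})"

    - name: the new variables stay available to later tasks on this host
      debug:
        msg: "{{ host_summary }} holds {{ file_content }}"
```

Variables created by set_fact belong to the host the task ran on, so a later play in the same run can still read them for node1.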

Passing variables on the command line:

[student@master ansible]$ vim a.yml
---
- name: test
  hosts: node1
  tasks:
    - name: test1
      debug:
        msg: my name is {{ name1 }}
~
[student@master ansible]$ ansible-playbook a.yml

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node1]

TASK [test1] *******************************************************************
fatal: [node1]: FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: 'name1' is undefined\n\nThe error appears to be in '/home/student/ansible/a.yml': line 5, column 7, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n  tasks:\n    - name: test1\n      ^ here\n"}

PLAY RECAP *********************************************************************
node1                      : ok=1    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0

[student@master ansible]$ ansible-playbook a.yml -e "name1=syf"

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node1]

TASK [test1] *******************************************************************
ok: [node1] => {
    "msg": "my name is syf"
}

PLAY RECAP *********************************************************************
node1                      : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

Variables in the inventory:

[student@master ansible]$ vim inventory
[dev]
node1 name=luoqi
node2

[dev:vars]
name1=luoqi

[test]
node3
node4

[prod]
node5
~
[student@master ansible]$ ansible-playbook a.yml

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node2]

TASK [test1] *******************************************************************
ok: [node2] => {
    "msg": "my name is luoqi"
}

PLAY RECAP *********************************************************************
node2                      : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

[student@master ansible]$ vim inventory
[dev]
node1 name=luoqi
node2

[test]
node3
node4

[prod]
node5
~
[student@master ansible]$ ansible-playbook a.yml

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node2]

TASK [test1] *******************************************************************
fatal: [node2]: FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: 'name1' is undefined\n\nThe error appears to be in '/home/student/ansible/a.yml': line 5, column 7, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n  tasks:\n    - name: test1\n      ^ here\n"}

PLAY RECAP *********************************************************************
node2                      : ok=1    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0

[student@master ansible]$ mkdir host_vars
[student@master ansible]$ cd host_vars/
[student@master host_vars]$ vim node2.yml
---
name1: luoqi
~
[student@master host_vars]$ cd ..
[student@master ansible]$ ls
ansible.cfg  fy         inventory  sy1.yml  sy.yml
a.yml        fy.yml     jihua.yml  sy2.yml  webdev.yml
collections  host_vars  roles      sy3.yml
[student@master ansible]$ ansible-playbook a.yml

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node2]

TASK [test1] *******************************************************************
ok: [node2] => {
    "msg": "my name is luoqi"
}

PLAY RECAP *********************************************************************
node2                      : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

[student@master ansible]$ vim host_vars/node2
name1: sy
~
[student@master ansible]$ ls host_vars/
node2  node2.yml
[student@master ansible]$ ansible-playbook a.yml

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node2]

TASK [test1] *******************************************************************
ok: [node2] => {
    "msg": "my name is sy"
}

PLAY RECAP *********************************************************************
node2                      : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

[student@master ansible]$ vim inventory
[dev]
node1 name1=123
node2

[dev:vars]
name1=456

[test]
node3
node4

[prod]
node5
~
[student@master ansible]$ ansible-playbook a.yml

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node2]

TASK [test1] *******************************************************************
ok: [node2] => {
    "msg": "my name is sy"
}

PLAY RECAP *********************************************************************
node2                      : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

[student@master ansible]$ rm -rf host_vars/
[student@master ansible]$ ansible-playbook a.yml

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node2]

TASK [test1] *******************************************************************
ok: [node2] => {
    "msg": "my name is 456"
}

PLAY RECAP *********************************************************************
node2                      : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

[student@master ansible]$ vim inventory
[dev]
node1
node2 name1=123

[dev:vars]
name1=456

[test]
node3
node4

[prod]
node5
~
[student@master ansible]$ ansible-playbook a.yml

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node2]

TASK [test1] *******************************************************************
ok: [node2] => {
    "msg": "my name is 123"
}

PLAY RECAP *********************************************************************
node2                      : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

Built-in variable ansible_version:

[student@master ansible]$ vim a.yml
---
- name: test
  hosts: node2
  tasks:
    - name: test1
      debug:
        msg: "{{ ansible_version }}"
~
[student@master ansible]$ ansible-playbook a.yml

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node2]

TASK [test1] *******************************************************************
ok: [node2] => {
    "msg": {
        "full": "2.13.3",
        "major": 2,
        "minor": 13,
        "revision": 3,
        "string": "2.13.3"
    }
}

PLAY RECAP *********************************************************************
node2                      : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

Built-in variable inventory_hostname:

[student@master ansible]$ vim inventory
[dev]
192.168.122.10
node2

[test]
node3
node4

[prod]
node5
~
[student@master ansible]$ vim a.yml
---
- name: test
  hosts: dev
  tasks:
    - name: test1
      debug:
        msg: "{{ inventory_hostname }}"
~
[student@master ansible]$ ansible-playbook a.yml

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node2]
ok: [192.168.122.10]

TASK [test1] *******************************************************************
ok: [192.168.122.10] => {
    "msg": "192.168.122.10"
}
ok: [node2] => {
    "msg": "node2"
}

PLAY RECAP *********************************************************************
192.168.122.10             : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
node2                      : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

[student@master ansible]$ vim inventory
[dev]
node1
node2

[test]
node3
node4

[prod]
node5
~
[student@master ansible]$ ansible-playbook a.yml

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node2]
ok: [node1]

TASK [test1] *******************************************************************
ok: [node1] => {
    "msg": "node1"
}
ok: [node2] => {
    "msg": "node2"
}

PLAY RECAP *********************************************************************
node1                      : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
node2                      : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

Built-in variable play_hosts:

[student@master ansible]$ vim a.yml
---
- name: test
  hosts: dev
  tasks:
    - name: test1
      debug:
        msg: "{{ play_hosts }}"
~
[student@master ansible]$ ansible-playbook a.yml

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node2]
ok: [node1]

TASK [test1] *******************************************************************
ok: [node1] => {
    "msg": [
        "node1",
        "node2"
    ]
}
ok: [node2] => {
    "msg": [
        "node1",
        "node2"
    ]
}

PLAY RECAP *********************************************************************
node1                      : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
node2                      : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

[student@master ansible]$ vim a.yml
---
- name: test
  hosts: test
  tasks:
    - name: test1
      debug:
        msg: "{{ play_hosts }}"
~
[student@master ansible]$ ansible-playbook a.yml

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node4]
ok: [node3]

TASK [test1] *******************************************************************
ok: [node3] => {
    "msg": [
        "node3",
        "node4"
    ]
}
ok: [node4] => {
    "msg": [
        "node3",
        "node4"
    ]
}

PLAY RECAP *********************************************************************
node3                      : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
node4                      : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

Built-in variable groups:

[student@master ansible]$ vim a.yml
---
- name: test
  hosts: node1
  tasks:
    - name: test1
      debug:
        msg: "{{ groups }}"
~
[student@master ansible]$ ansible-playbook a.yml

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node1]

TASK [test1] *******************************************************************
ok: [node1] => {
    "msg": {
        "all": [
            "node1",
            "node2",
            "node3",
            "node4",
            "node5"
        ],
        "dev": [
            "node1",
            "node2"
        ],
        "prod": [
            "node5"
        ],
        "test": [
            "node3",
            "node4"
        ],
        "ungrouped": []
    }
}

PLAY RECAP *********************************************************************
node1                      : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

[student@master ansible]$ vim inventory
node5

[dev]
node1
node2

[test]
node3
node4
~
[student@master ansible]$ ansible-playbook a.yml

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node1]

TASK [test1] *******************************************************************
ok: [node1] => {
    "msg": {
        "all": [
            "node5",
            "node1",
            "node2",
            "node3",
            "node4"
        ],
        "dev": [
            "node1",
            "node2"
        ],
        "test": [
            "node3",
            "node4"
        ],
        "ungrouped": [
            "node5"
        ]
    }
}

PLAY RECAP *********************************************************************
node1                      : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

Built-in variable group_names:

[student@master ansible]$ vim a.yml
---
- name: test
  hosts: node1
  tasks:
    - name: test1
      debug:
        msg: "{{ groups.all }}"
~
[student@master ansible]$ ansible-playbook a.yml

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node1]

TASK [test1] *******************************************************************
ok: [node1] => {
    "msg": [
        "node5",
        "node1",
        "node2",
        "node3",
        "node4"
    ]
}

PLAY RECAP *********************************************************************
node1                      : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

[student@master ansible]$ vim a.yml
---
- name: test
  hosts: node1
  tasks:
    - name: test1
      debug:
        msg: "{{ group_names }}"
~
[student@master ansible]$ ansible-playbook a.yml

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node1]

TASK [test1] *******************************************************************
ok: [node1] => {
    "msg": [
        "dev"
    ]
}

PLAY RECAP *********************************************************************
node1                      : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

[student@master ansible]$ vim a.yml
---
- name: test
  hosts: node5
  tasks:
    - name: test1
      debug:
        msg: "{{ group_names }}"
~
[student@master ansible]$ ansible-playbook a.yml

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node5]

TASK [test1] *******************************************************************
ok: [node5] => {
    "msg": [
        "ungrouped"
    ]
}

PLAY RECAP *********************************************************************
node5                      : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

Built-in variable inventory_dir:

[student@master ansible]$ vim a.yml
---
- name: test
  hosts: node5
  tasks:
    - name: test1
      debug:
        msg: "{{ inventory_dir }}"
~
[student@master ansible]$ ansible-playbook a.yml

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node5]

TASK [test1] *******************************************************************
ok: [node5] => {
    "msg": "/home/student/ansible"
}

PLAY RECAP *********************************************************************
node5                      : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

with_items, stacking variables: one variable can be given multiple values:

[student@master ansible]$ vim a.yml
---
- name: test
  hosts: node5
  tasks:
    - name: create user
      user:
        name: "{{ item }}"
        state: present
      with_items:
        - user1
        - user2
        - user3
~
[student@master ansible]$ ansible-playbook a.yml

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node5]

TASK [create user] *************************************************************
changed: [node5] => (item=user1)
changed: [node5] => (item=user2)
changed: [node5] => (item=user3)

PLAY RECAP *********************************************************************
node5                      : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

[student@master ansible]$ vim a.yml
---
- name: test
  hosts: node5
  tasks:
    - name: test1
      shell:
        cmd: echo {{ item }}
      with_items:
        - a
        - b
        - c
~
[student@master ansible]$ ansible-playbook a.yml

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node5]

TASK [test1] *******************************************************************
changed: [node5] => (item=a)
changed: [node5] => (item=b)
changed: [node5] => (item=c)

PLAY RECAP *********************************************************************
node5                      : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

[student@master ansible]$ vim a.yml
---
- name: test
  hosts: node5
  tasks:
    - name: test1
      shell:
        cmd: echo {{ item }}
      with_items:
        - a
        - b
        - c
      register: sy
    - name: test2
      debug:
        var: sy
~
[student@master ansible]$ ansible-playbook a.yml

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node5]

TASK [test1] *******************************************************************
changed: [node5] => (item=a)
changed: [node5] => (item=b)
changed: [node5] => (item=c)

TASK [test2] *******************************************************************
ok: [node5] => {
    "sy": {
        "changed": true,
        "msg": "All items completed",
        "results": [
            {
                "ansible_loop_var": "item",
                "changed": true,
                "cmd": "echo a",
                "delta": "0:00:00.008888",
                "end": "2025-09-02 10:52:36.851330",
                "failed": false,
                "invocation": {
                    "module_args": {
                        "_raw_params": "echo a",
                        "_uses_shell": true,
                        "argv": null,
                        "chdir": null,
                        "creates": null,
                        "executable": null,
                        "removes": null,
                        "stdin": null,
                        "stdin_add_newline": true,
                        "strip_empty_ends": true,
                        "warn": false
                    }
                },
                "item": "a",
                "msg": "",
                "rc": 0,
                "start": "2025-09-02 10:52:36.842442",
                "stderr": "",
                "stderr_lines": [],
                "stdout": "a",
                "stdout_lines": [
                    "a"
                ]
            },
            {
                "ansible_loop_var": "item",
                "changed": true,
                "cmd": "echo b",
                "delta": "0:00:00.005314",
                "end": "2025-09-02 10:52:37.533682",
                "failed": false,
                "invocation": {
                    "module_args": {
                        "_raw_params": "echo b",
                        "_uses_shell": true,
                        "argv": null,
                        "chdir": null,
                        "creates": null,
                        "executable": null,
                        "removes": null,
                        "stdin": null,
                        "stdin_add_newline": true,
                        "strip_empty_ends": true,
                        "warn": false
                    }
                },
                "item": "b",
                "msg": "",
                "rc": 0,
                "start": "2025-09-02 10:52:37.528368",
                "stderr": "",
                "stderr_lines": [],
                "stdout": "b",
                "stdout_lines": [
                    "b"
                ]
            },
            {
                "ansible_loop_var": "item",
                "changed": true,
                "cmd": "echo c",
                "delta": "0:00:00.007496",
                "end": "2025-09-02 10:52:38.314184",
                "failed": false,
                "invocation": {
                    "module_args": {
                        "_raw_params": "echo c",
                        "_uses_shell": true,
                        "argv": null,
                        "chdir": null,
                        "creates": null,
                        "executable": null,
                        "removes": null,
                        "stdin": null,
                        "stdin_add_newline": true,
                        "strip_empty_ends": true,
                        "warn": false
                    }
                },
                "item": "c",
                "msg": "",
                "rc": 0,
                "start": "2025-09-02 10:52:38.306688",
                "stderr": "",
                "stderr_lines": [],
                "stdout": "c",
                "stdout_lines": [
                    "c"
                ]
            }
        ],
        "skipped": false
    }
}

PLAY RECAP *********************************************************************
node5                      : ok=3    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

[student@master ansible]$ vim a.yml
---
- name: test
  hosts: node5
  tasks:
    - name: test1
      shell:
        cmd: echo {{ item }}
      with_items:
        - a
        - b
        - c
      register: sy
    - name: test2
      debug:
        var: sy.results[0].stdout
    - name: test3
      debug:
        var: sy.results[1].stdout
    - name: test4
      debug:
        var: sy.results[2].stdout
~
[student@master ansible]$ ansible-playbook a.yml

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node5]

TASK [test1] *******************************************************************
changed: [node5] => (item=a)
changed: [node5] => (item=b)
changed: [node5] => (item=c)

TASK [test2] *******************************************************************
ok: [node5] => {
    "sy.results[0].stdout": "a"
}

TASK [test3] *******************************************************************
ok: [node5] => {
    "sy.results[1].stdout": "b"
}

TASK [test4] *******************************************************************
ok: [node5] => {
    "sy.results[2].stdout": "c"
}

PLAY RECAP *********************************************************************
node5                      : ok=5    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

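Managing secrets

Ansible may need access to sensitive data such as passwords or API keys in order to configure managed hosts. Typically this information might be stored as plain text in inventory variables or other Ansible files. If so, any user with access to the Ansible files, or any version control system that stores them, can access this sensitive data. This is clearly a security risk.

Ansible Vault, which ships with Ansible, can encrypt and decrypt any structured data file used by Ansible. To use Ansible Vault, a command-line tool named ansible-vault is used to create, edit, encrypt, decrypt and view files. Ansible Vault can encrypt any structured data file used by Ansible. This may include inventory variables, variable files included in a playbook, variable files passed as arguments when running a playbook, or variables defined in Ansible roles.

Lab:

[student@master ansible]$ ansible-vault create y.yml
New Vault password: 
Confirm New Vault password: 
---
- name: test
  hosts: node1
  tasks:
    - name: test1
      debug:
        msg: echo 123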
~   
[student@master ansible]$ cat y.yml 
$ANSIBLE_VAULT;1.1;AES256
[student@master ansible]$ ansible-vault view y.yml
Vault password: 
---
- name: test
  hosts: node1
  tasks:
    - name: test1
      debug:
        msg: echo 123
[student@master ansible]$ ansible-vault edit y.yml
Vault password: 
---
- name: test
  hosts: node1
  tasks:
    - name: test1
      debug:
        msg: echo 123
~

Running an encrypted file directly with ansible-playbook fails, so which command should be used?

Use the option --vault-id @prompt or --ask-vault-pass

[student@master ansible]$ ansible-playbook y.yml
ERROR! Attempting to decrypt but no vault secrets found
[student@master ansible]$ ansible-playbook y.yml --ask-vault-pass
Vault password: 

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node1]

TASK [test1] *******************************************************************
ok: [node1] => {
    "msg": "echo 123"
}

PLAY RECAP *********************************************************************
node1                      : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

[student@master ansible]$ ansible-vault decrypt y.yml
Vault password: 
Decryption successful
[student@master ansible]$ vim y.yml
---
- name: test
  hosts: node1
  tasks:
    - name: test1
      debug:
        msg: echo 123
~
[student@master ansible]$ ansible-playbook y.yml

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node1]

TASK [test1] *******************************************************************
ok: [node1] => {
    "msg": "echo 123"
}

PLAY RECAP *********************************************************************
node1                      : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

Viewing an encrypted file:

[student@master ansible]$ cp y.yml f.yml
[student@master ansible]$ cat f.yml
---
- name: test
  hosts: node1
  tasks:
    - name: test1
      debug:
        msg: echo 123
[student@master ansible]$ ansible-vault encrypt f.yml
New Vault password: 
Confirm New Vault password: 
Encryption successful
[student@master ansible]$ vim syf.txt
redhat
~   
[student@master ansible]$ chmod 600 syf.txt 
[student@master ansible]$ ansible-vault encrypt y.yml --vault-id syf.txt 
Encryption successful
[student@master ansible]$ vim y.yml 
$ANSIBLE_VAULT;1.1;AES256
~  
[student@master ansible]$ ansible-vault view y.yml
Vault password: 
---
- name: test
  hosts: node1
  tasks:
    - name: test1
      debug:
        msg: echo 123
[student@master ansible]$ ansible-playbook y.yml --vault-id syf.txt

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node1]

TASK [test1] *******************************************************************
ok: [node1] => {
    "msg": "echo 123"
}

PLAY RECAP *********************************************************************
node1                      : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
[student@master ansible]$ vim f.yml 
$ANSIBLE_VAULT;1.1;AES256
~  

Changing the password of an encrypted file:

[student@master ansible]$ ansible-vault rekey f.yml
Vault password:                        // enter the old password
New Vault password:                    // enter the new password
Confirm New Vault password:            // enter the new password
Rekey successful
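
The lab above encrypts a whole playbook. The other case the text mentions, a vault-encrypted variable file loaded through vars_files, is sketched below as an added example that is not part of the original page. The file names secret.yml and site.yml, the variable app_password and the account appuser are hypothetical; syf.txt is the password file created above.

```yaml
# ---- secret.yml (hypothetical vars file) -----------------------------------
# Written as plain YAML first, then encrypted in place with the password file:
#   ansible-vault encrypt secret.yml --vault-id syf.txt
# After that, cat secret.yml shows only the $ANSIBLE_VAULT;1.1;AES256 envelope.
app_password: "constructed-sample-value"   # constructed sample, not a real secret

# ---- site.yml (hypothetical playbook, left unencrypted and reviewable) -----
# Run with the same password file:
#   ansible-playbook site.yml --vault-id syf.txt
---
- name: use a vault-encrypted variable file
  hosts: node1
  vars_files:
    - secret.yml                 # decrypted in memory at run time
  tasks:
    - name: create an account with the vaulted password
      user:
        name: appuser
        # the user module expects a crypt hash, not the clear-text password
        password: "{{ app_password | password_hash('sha512') }}"
        # set the password only when the account is first created
        update_password: on_create
      # keep the task arguments and result out of the console output and logs
      no_log: true

    - name: confirm the variable loaded without printing its value
      debug:
        msg: "app_password is defined: {{ app_password is defined }}"
```

Keeping the playbook in plain text and only the variable file encrypted lets the tasks be read and diffed in version control while the secret stays unreadable; no_log matters because register and debug, as shown earlier on the page, would otherwise print a decrypted value in the play output.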